← Back

CVE-2019-0588

nvd nist
Published: Jan 8, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Affected (5)

Microsoft
1 product
Exchange Server
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Exchange Server
Version 2010 sp3_rollup25
Exchange Server
Version 2013 cumulative_update_21
Exchange Server
Version 2016 cumulative_update_10
Exchange Server
Version 2016 cumulative_update_11
Exchange Server
Version 2019

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.